PHP MYSQL:用户删除自己的帖子

时间:2015-06-18 20:52:17

标签: php mysql

我创建了一个论坛,供人们注册/登录以发布主题和回复。

现在我在每个主题旁边添加了一个删除链接,如果按下该链接将转到deletetopic.php,如果用户创建了此主题,它将被删除,如果没有,则表示您没有创建此主题。 / p>

这是deletetopic.php 

<?php
session_start();
include("config.php");

if(!isset($_SESSION['uid'])){
            echo "<p><b>ERROR: Please log in to delete a topic.";
        }

if(isset($_SESSION['username']))
{
    $uid = $_SESSION['uid']; 
    $id=$_GET['id'];

    $query1=mysql_query("delete FROM topics WHERE id='$id' and uid='$uid'");
    if($query1){
        header('location:index.php');
    }
    else{
        echo "<p><b>ERROR: You didnt make this topic.";
    }
}

它不起作用,只是给了我其他的{error}

这是我的表格:

CREATE TABLE `users` (
  `id` INT(11) NOT NULL AUTO_INCREMENT,
  `firstname` VARCHAR(255) NOT NULL,
  `lastname` VARCHAR(255) NOT NULL,
  `email` VARCHAR(255) NOT NULL,
  `username` VARCHAR(255) NOT NULL,
  `password` VARCHAR(100) NOT NULL,

  PRIMARY KEY (`id`)

CREATE TABLE `topics` (
  `id` INT(11) NOT NULL AUTO_INCREMENT,
  `categoryID` TINYINT(4) NOT NULL,
  `topicTitle` VARCHAR(150) NOT NULL,
  `topicCreator` INT(11) NOT NULL,
  `topicLastUser` INT(11) NOT NULL,
  `topicDate` DATETIME NOT NULL,
  `topicReplyDate` DATETIME NOT NULL,
  `topicViews` INT(11) NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`)

编辑:

uid来自这里我认为:login.php 

if (isset($_POST['username'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
    $sql = "SELECT * FROM users WHERE username='".$username."' AND password='".$password."' LIMIT 1";
    $result = mysql_query($sql) or die(mysql_error());
    if (mysql_num_rows($result) == 1){
        $row = mysql_fetch_assoc($result);
        $_SESSION['uid'] = $row['id'];
        $_SESSION['username'] = $row['username'];
        header("Location: index.php");
        exit();
    }else{
        echo "<p>Invalid information. Please return to the previous page.";
        exit();
    }
}

更新

if(isset($_SESSION['username']))
{
    $uid = $_SESSION['uid']; 
    $id=$_GET['id'];
    
    $check = mysql_query("SELECT * FROM topics WHERE id = '$id' AND topicCreator = '$uid'");
    if($check){
        $query1=mysql_query("delete FROM topics WHERE id='$id' AND topicCreator='$uid'");
        header('location:index.php');
    }
    else{
        echo "<p><b>ERROR: You didnt make this topic.";
    }
}

仍然无法工作,只需返回索引

2 个答案:

答案 0 :(得分:2)

uid中没有topics列,可能是topicCreator

$query1=mysql_query("delete FROM topics WHERE id='$id' and topicCreator='$uid'");

您应该考虑这里留下的关于从mysql更改为mysqli或PDO的注释。并使用预准备语句来防止SQL注入。

还有另一个问题。在删除主题之前,您需要检查用户是否为topicCreator。

$check = mysql_query("SELECT * FROM topics WHERE id = '$id' AND topicCreator = '$uid'");

if($check){
// Allow deletion
}
else{
// Don't allow deletion
}

答案 1 :(得分:0)

好的,这里我的代码运行良好,但有一个问题。 当用户不是帖子的创建者时,是的,它不会删除帖子,但它没有说错误:你没有发布这个。

所以基本上,在两种情况下,它都说Topic已被删除,即使它没有删除它。 else语句没有运行。

知道为什么吗?

&#13;
&#13; 
if(!isset($_SESSION['uid'])){
            echo "<p><b>ERROR: Please log in to delete a topic.";
        }
        
if(isset($_SESSION['username']))
{
    $uid = $_SESSION['uid']; 
    $id=$_GET['id'];
    
    $check = mysql_query("SELECT * FROM topics WHERE id = '$id' AND topicCreator = '$uid'");
    if($check){
        $query1=mysql_query("delete FROM topics WHERE id='$id' AND topicCreator='$uid'");
        echo "<p>Topic has been successfully deleted. <a href='index.php'>Click here to return to home page.</a>";
    }
    else{
        echo "<p><b>ERROR: You didnt make this topic.";
    }
}
&#13;
&#13;
&#13;

相关问题
最新问题